Example: Attaching Content Filtering UTM Policies to Security Policies

This example shows how to create a security policy and attach the UTM policy to the security policy.

Requirements

Before you begin:

  1. Configure UTM custom objects, define the content filtering profile, and create a UTM policy. See Content Filtering Configuration Overview.
  2. Enable and configure a security policy. See Example: Configuring a Security Policy to Permit or Deny All Traffic.

Overview

By attaching content filtering UTM policies to security policies, you can filter traffic transiting from one security zone to another.

In this example, you create a security policy called p4 and specify that traffic from any source address to any destination address with an HTTP application matches the criteria. You then assign a UTM policy called utmp4 to the security policy p4. This UTM policy applies to any traffic that matches the criteria specified in the security policy p4.

Configuration

CLI Quick Configuration

To quickly attach a content filtering UTM policy to a security policy, copy the following commands and paste them into the CLI.

[edit]
set security policies from-zone trust to-zone untrust policy p4 match source-address any
set security policies from-zone trust to-zone untrust policy p4 match destination-address any
set security policies from-zone trust to-zone untrust policy p4 match application junos-http
set security policies from-zone trust to-zone untrust policy p4 then permit application-services utm-policy utmp4

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To attach a UTM policy to a security policy:

  1. Create a security policy.
    [edit]
    user@host# edit security policies from-zone trust to-zone untrust policy p4
  2. Specify the match conditions for the policy.
    [edit security policies from-zone trust to-zone untrust policy p4]
    user@host# set match source-address any
    user@host# set match destination-address any
    user@host# set match application junos-http
  3. Attach the UTM policy to the security policy.
    [edit security policies from-zone trust to-zone untrust policy p4]
    user@host# set then permit application-services utm-policy utmp4

Results

From configuration mode, confirm your configuration by entering the show security policies command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
user@host# show security policies
from-zone trust to-zone untrust {
    policy p4 {
        match {
            source-address any;
            destination-address any;
            application junos-http;
        }
        then {
            permit {
                application-services {
                    utm-policy utmp4;
                }
            }
        }
    }
}
default-policy {
    permit-all;
}

If you are done configuring the device, enter commit from configuration mode.
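
The following Python script is an added example, not part of the original documentation. It parses configuration-mode show security policies output in the brace format shown above and reports, for each policy that permits traffic, which UTM policy is attached, if any. The sample text is constructed and condensed, and policy p5 is a hypothetical policy that permits traffic without a UTM policy.

```python
import re

# Constructed sample (Results format, condensed); policy p5 is hypothetical.
SAMPLE = """
from-zone trust to-zone untrust {
    policy p4 {
        match { source-address any; destination-address any; application junos-http; }
        then { permit { application-services { utm-policy utmp4; } } }
    }
    policy p5 {
        match { source-address any; destination-address any; application junos-ftp; }
        then { permit; }
    }
}
default-policy { permit-all; }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    stack = [{}]
    for stmt, end in re.findall(r"\s*([^{};]*?)\s*([{};])", text):
        if end == "{":
            stack.append(stack[-1].setdefault(stmt, {}))
        elif end == ";" and stmt:
            stack[-1][stmt] = None
        elif end == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}' in configuration")
            stack.pop()
    if len(stack) != 1:
        raise ValueError("unclosed '{' in configuration")
    return stack[0]

def audit(text):
    """Return (zone pair, policy, UTM policy or None) for each permit policy."""
    rows = []
    for context, policies in parse(text).items():
        if not context.startswith("from-zone "):
            continue  # skip default-policy and other top-level statements
        for name, body in (policies or {}).items():
            then = (body or {}).get("then") or {}
            if "permit" in then:  # the UTM policy hangs under "then permit"
                services = (then["permit"] or {}).get("application-services") or {}
                utm = [k.split()[1] for k in services if k.startswith("utm-policy ")]
                rows.append((context, name.split()[-1], utm[0] if utm else None))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A row whose last field is None identifies a permit policy whose matching traffic is not subject to any UTM policy.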

Verification

To confirm that the configuration is working properly, perform this task:

Verifying Attaching Content Filtering UTM Policies to Security Policies

Purpose

Verify the attachment of the content filtering UTM policy to the security policy.

Action

From operational mode, enter the show security policies command.

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices